

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package thomas.studio.spring.security.ldap.config;

import java.util.Arrays;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import thomas.studio.spring.security.ldap.securityprovider.InMemoryAuthenticationProvider;
import thomas.studio.spring.security.ldap.securityprovider.LdapAuthenticationProvider;

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private InMemoryAuthenticationProvider inMemoryAuthenticationProvider;
	
	@Autowired
	private LdapAuthenticationProvider ldapAuthenticationProvider;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
					.antMatchers("/css/**", "/index").permitAll()
					.antMatchers("/user/**").hasRole("USER")
					.and().formLogin().loginPage("/login").failureUrl("/login-error")
					.and().logout().logoutUrl("/logout").logoutSuccessUrl("/login");
					;
	}

/*	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		
		auth
			.inMemoryAuthentication()
				.withUser(User.withDefaultPasswordEncoder().username("user").password("password").roles("USER"));
				
	     auth
         .ldapAuthentication()
             .userDnPatterns("uid={0},ou=people")
             .groupSearchBase("ou=people")
             .contextSource()
                 .url("ldap://192.168.78.127:389/dc=thomas-studio,dc=com")
                 .and()
             .passwordCompare()
                 .passwordEncoder(new LdapShaPasswordEncoder())
                 .passwordAttribute("userpassword");
	}*/
	
	@Override
	protected AuthenticationManager authenticationManager() throws Exception {
		ProviderManager authenticationManager = new ProviderManager(Arrays.asList(
				//inMemoryAuthenticationProvider,
				ldapAuthenticationProvider));
		//不擦除认证密码，擦除会导致TokenBasedRememberMeServices因为找不到Credentials再调用UserDetailsService而抛出UsernameNotFoundException
		authenticationManager.setEraseCredentialsAfterAuthentication(false);
		return authenticationManager;			
	}
}